<?
/*********************************************************************************************
 * To try this script for yourself follow these steps:
 * 1. Install MySQL.
 *
 * 2. create a database:
 *	create database mysql_encode;
 *
 * 3. create a table named users with 2 columns - user, pass:
 *	create table users(user char(32),password char(64));
 *
 * 4. update the 3 php pages with the connection string:
 *	$con = mysqli_connect('127.0.0.1',<<database-user>>,<<database-pass>>,'mysql_encode');
 *
 * 5. create a user and pasword, also create 'attacker' user from the index.php page. then run the python script to break this password
 *
 * Best regards,
 * Shmuel Amar, shmuel@cyberint.com
 * www.cyberint.com
 *
 **********************************************************************************************/
 
//connect to the database:
$con = mysqli_connect(your connection-string here) or die("cant connect to database"); 

//I do not recommend to use addslashes (it is unsafe and deprecated), just for the demo
$user = addslashes($_GET['user']);
$pass = addslashes($_GET['password']);

//this is the secret-key used in encode function
$secret = 'Unb3ak3@blePa$$w0rd77888969';

//create the sql query
$sql = "update users set password = hex(encode('". $pass ."','".$secret."')) where user = '". $user ."';";

//execute query
$response = mysqli_query($con,$sql);

//print response
if($response){
	echo "changed password successfuly";
}else{
	echo mysqli_errno($con) . ": " . mysqli_error($con) . "\n";
}

//close DB connection
mysqli_close($con);

?>
